[Pkg-rust-maintainers] Bug#1103252: rust-pprof - soundness issue RUSTSEC-2024-0408
Peter Green
plugwash at debian.org
Tue Apr 15 16:54:50 BST 2025
Package: rust-pprof
Version: 0.13.0-5
Severity: serious
X-debbugs-cc: alexander.kjall at gmail.com
A soundness issue was reported in rust-prost 0.13,
https://rustsec.org/advisories/RUSTSEC-2024-0408.html
which is reported as causing real-world failures in
downstream applications.

I looked at updating to the new upstream version,
(wip packaging for new upstream version is in the
debcargo-conf git) but that introduces a dependency
on a crate that is not in Debian.

rust-pprof does not appear to have any reverse
dependencies, and I don't think it should be included
in trixie in its current state.